I know this site is packed full of experts in the art of pen testing and ethical hacking, but due to your security expertise I was wondering if you can help point me in the direction of some sort of security operations checklist. I.e. the day to day maintenance and monitoring tasks required to maintain acceptable levels of security on your internal host systems. Microsoft has started publishing operations frameworks for many of their server products, i.e. if we take the Active Directory domain services document, it lists numerous routine security “tasks”, such as:

• Review the Remote Access Service account access policy, and update it to meet security policies.
• Review User account properties, and update the Remote Desktop group to meet security policies.
• Remove locked-out, disabled, or expired accounts.
• Ensure that the most restrictive permissions are applied (shares)
• Remove shared folders that are no longer required.
• Verify and ensure that NTFS file system permissions are set appropriately on all shared folders and content in shared folders.

So there is some information I can obtain from here. But if you have ever had any role in security ops as opposed to pen testing, I wondered if you have any input you can share. I am looking at this from a risk assessment perspective, to see if they are doing such tasks, but I was struggling to find anything comprehensive. So any guidance or links to such documentation most welcome. But any sort of essential security operations lists be it daily, weekly, monthly etc would be a great help.

Thanks for the link. If you have senior management serious about security where you work, or for your clients, do they ever ask for any specific security metrics to gauge how well they are doing? If yes, which specific metrics do you use/produce?